Between September 11 and 13, 2024, Hetq.am was hit by an exceptionally large Distributed Denial of Service (DDoS) attack. 

This was a massive cyber-attack that sought to flood Hetq’s servers with traffic that was beyond its capacity, thus rendering the website inoperable. The attack originated from   the United Kingdom, Singapore, United States, Greece, Japan, Lithuania, Switzerland, Chile, Serbia, and Egypt. This global reach coupled with the extremely high number of requests that were malicious underlines that this was a well-coordinated and highly complex attack.

Scale of the attack

To appreciate the scale of the DDoS attack, it is necessary to begin with Hetq.am’s typical traffic patterns.

 On normal days, the platform gets between 25k to 35k requests in the same period (hour). However, during the attack, the number of requests increased to 27 million on the first day and 36 million on the second day - 112400% increase in requests in the same period.

The attackers used botnets, which coordinated a large number of requests from different countries to overload Hetq.am’s infrastructure. The traffic increase was to flood the server with requests and try to crash it, thereby stopping the delivery of news and investigations that Hetq is famous for.

Mobile app identifiers in HTTP headers: A new method of avoiding detection

Interestingly, the attack was characterized using non-standard HTTP headers that indicated the nature of the requests. Analysis of the data revealed that the headers included identifiers typically associated with mobile applications. These identifiers included:

com.facebook.katana (Facebook app) org.telegram.messenger (Telegram) com.google.android.googlequicksearchbox (Google Search) com.facebook.lite (Facebook Lite) com.facebook.orca (Facebook Messenger) com.instagram.android (Instagram) com.google.android.apps.searchlite (Google Search Lite) and more.

The use of these application headers suggests that the attackers may have attempted to disguise their malicious requests as legitimate traffic originating from popular apps and services, making it more difficult for automated defenses to detect and mitigate the threat.

Website stability during the attack

However, the scale and duration of the attack did not prevent Hetq.am from demonstrating remarkable resilience. While the attackers kept on trying to flood the site, Hetq.am was mostly available during the DDoS attack and did not experience extended periods of downtime. The fact that it was able to continue its online presence during such a massive attack suggests that there are measures in place such as the Armour's shield.

While there could have been a slow performance, the site remained up and running and reachable to its audience. This ability to avoid long-term disruption underlines the need for preparedness and good cybersecurity measures in media companies.

Cybersecurity and the protection of free speech

Such DDoS attacks as this one prove that news organizations are becoming increasingly exposed to cyber risks. Some of the independent media outlets including Hetq.am, which depend on their websites to share important investigative pieces, are most vulnerable to such attacks. Global botnets and the amount of traffic that is being targeted at Hetq.am also question the reasons behind the attack concerning the suppression of free speech and the stifling of dissent.

This attack on Hetq.am   serves as a reminder that journalism in the age of the internet is not without its problems that are not necessarily political or legal but cyber threats. It also underscores the need for media outlets to improve their security measures, especially for those that often publish investigative reports on sensitive issues.

As such attacks are becoming more diverse every year, it is crucial for platforms like Hetq.am to prepare to face other risks that may come. The broader media industry must also join forces to share information, experience, and strategies in defending the freedom of the press from such cyber-attacks.

Vardan Torosyan
CEO & Founder at Matemat